Information Security Policy
Purpose
The purpose of this document is to provide a clear statement of our commitment to Information Security and the protection of key information.
Information Security (IS)
Our aim is to ensure we provide a secure environment and approach in the handling of information, in the most effective and efficient manner possible, whilst complying fully with all legal requirements, either explicit or implicit.
The application of IS is founded on the following guiding principles:
Information will be protected from loss of confidentiality, integrity and availability.
Information security requirements will be determined by assessment of risks.
Users, resources or processes that store, transmit or process information will only have privileges according to their function.
All relevant regulatory and legislative information security requirements will be met.
All information security incidents, actual or suspected, must be reported on.
Roles and responsibilities
All staff have a responsibility in how they handle and protect information, details of these roles and responsibilities. These responsibilities will also be made clear to contractors and other partners as appropriate.
Information Risk
We recognise that information is a valuable asset and we are committed to protecting information through preserving Confidentiality, Integrity and Availability.
Information Sharing
Sharing of personal information within and outside Counsel Ltd will only be carried out in compliance with the relevant legislative framework.
Privacy by Design
We will consider all aspects of Data Protection when procuring / implementing any new system, application or process, or when a change occurs to an existing system, application or process.
Standards
To promote information security, the following standards are expected of all staff, contractors and partners:
Use of passwords and encryption on all sensitive files and on all equipment including laptops and mobile phones.
Adherence to a clear desk policy, with sensitive hard copy files and equipment to be removed and stored securely at the end of each working day.
Particular care and attention to be paid when working in public areas.
As far as practicably possible, all files and equipment to be stored in a secure location which has physical access controls and not, for example, held in cars or other vulnerable locations for prolonged periods or overnight.
Laptop, desktop and other screens should always be locked when left unattended.
Anti-virus software should be kept up to date.
Attachments, particularly from unknown sources, should be opened with care.
Data and information will only be kept for the strict purpose for which it was given – and will be deleted on a periodic basis and/or on the conclusion of contract(s)/project(s).
Files and equipment will be disposed of in a safe and responsible manner.
Business Continuity
As a small company, our approach to business continuity must be proportionate. In the case of significant interruption to business, the following protocols are in place:
Availability of spare hardware and equipment.
Availability of alternative locations from which to conduct business.
All clients, partners and other relevant persons will be notified as soon as practicably possible of any significant interruption to business and, if necessary, revised timescale(s) and workplans agreed. Our terms and conditions provide further information about the conduct of business relationships.
Assurance
An annual review of IS arrangements will be managed by the Company Director.